Skills
skills/aiskillstore/marketplace/backend-testing/Gen Agent Trust Hub

backend-testing

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a skill-report.json file that contains a pre-computed security verdict claiming the skill is safe and that any findings are false positives. This is a self-referential technique (Category 8e) used to influence security analyzers.
  • Ingestion points: skill-report.json file content and metadata fields.
  • Boundary markers: Absent for the metadata processing phase.
  • Capability inventory: File system writes for test files and configuration; command execution via npm install and test runners.
  • Sanitization: None provided for the metadata fields or user-supplied testing requirements.
  • [COMMAND_EXECUTION]: The instructions in SKILL.md prompt the agent to execute shell commands for installing dependencies (npm install --save-dev jest ...) and running tests (npm run test). While standard for the stated purpose, these are active command execution patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 01:53 PM